Connect with us

Hi, what are you looking for?


White House wants US govt to use a Zero Trust security model


White House wants US govt to use a Zero Trust security model

A newly released Federal strategy wants the US government to adopt a “zero trust” security model within the next two years to defend against current threats and boost cybersecurity defenses across federal agencies.

The strategy was released today by the White House’s Office of Management and Budget (OMB), which supervises the implementation of the President’s vision across the US Executive Branch.

Today’s announcement follows the release of an initial strategy draft in September 2021, which was prompted by the President’s Executive Order (EO) 14028.

The executive order initiated a government-wide effort to migrate toward zero trust and modernize the nation’s defenses against cyberattacks.

“This memorandum sets forth a Federal zero trust architecture (ZTA) strategy, requiring agencies to meet specific cybersecurity standards and objectives by the end of Fiscal Year (FY) 2024 in order to reinforce the Government’s defenses against increasingly sophisticated and persistent threat campaigns,” said Shalanda D. Young, OMB’s Acting Director. (PDF)

“Those campaigns target Federal technology infrastructure, threatening public safety and privacy, damaging the American economy, and weakening trust in Government.”

Key elements of the new zero trust strategy include improved phishing defense through strong multifactor authentication, consolidation of agency identity systems, encrypting traffic and treating internal networks as untrusted, and strengthening application security to protect data better.

Advertisement. Scroll to continue reading.

OMB’s new federal zero trust strategy foresees a Federal Government where:

  • Federal staff have enterprise-managed accounts, allowing them to access everything they need to do their job while remaining reliably protected from even targeted, sophisticated phishing attacks.
  • The devices that Federal staff use to do their jobs are consistently tracked and monitored, and the security posture of those devices is taken into account when granting access to internal resources.
  • Agency systems are isolated from each other, and the network traffic flowing between and within them is reliably encrypted.
  • Enterprise applications are tested internally and externally, and can be made available to staff securely over the internet.
  • Federal security teams and data teams work together to develop data categories and security rules to automatically detect and ultimately block unauthorized access to sensitive information

The government migration to zero trust security principles comes after cybersecurity companies pushed the zero-trust network model for years.

This continuous push for modern security principles culminated with the NSA and Microsoft recommending this security approach in February 2021 for large enterprises and critical networks (National Security Systems, Department of Defense, Defense Industrial Base).

Zero trust is a security approach where local devices and connections are never trusted and verification is needed at every step because defenders assume that intruders already have access to the network.

This security model was created by Forrester Research’s John Kindervag in 2010, with Google implementing some of its concepts in 2009 in an internal project (now known as BeyondCorp) after some of its intellectual property was stolen during Operation Aurora.

“In the face of increasingly sophisticated cyber threats, the Administration is taking decisive action to bolster the Federal Government’s cyber defenses,” Young added.

“This zero trust strategy is about ensuring the Federal Government leads by example, and it marks another key milestone in our efforts to repel attacks from those who would do the United States harm.”

Source link

Advertisement. Scroll to continue reading.
Click to comment

Leave a Reply



Source: Joseph Keller/iMore Until very recently, the prospect of a USB-C iPhone seemed like a pipe dream. Then in the space of just a...

Online Business Success

Gold bars from the vault of a bank are seen in this illustration picture taken in Zurich, Switzerland, on November 20, 2014. — Reuters...

Top Stories

Bitcoin (BTC) struggled to recover its latest losses on May 21 after Wall Street trading provided zero respite. BTC/USD 1-hour candle chart (Bitstamp). Source:...

Loan And Finance

Electric vehicles are becoming increasingly popular as gas prices skyrocket. In fact, automakers plan to pivot to largely electric lineups in the coming decade,...

Top Stories

The past week in the decentralized finance (DeFi) ecosystem was dominated by Terra’s collapse and its aftermath on various ecosystems it was connected. Now...


Why it matters: Opportunities to increase RAM performance typically come from the extreme memory profile (XMP) set by the manufacturer or enthusiasts with enough...


You May Also Like


Introductions get a lot of attention. I’ve explored the topic of how to write them even though as a reader, I always skip them....

SEO Guide

There are all kinds of pictures of the world on the internet, but to find one of these specific pictures that you want to...

Online Business Success

The internet is now our nervous system. We are constantly streaming and buying and watching and liking, our brains locked into the global information...

Online Business Success

You can think of link building in many ways. I like to call it tedious, painful, and a test of patience. It’s also necessary...